In a physical altercation, fighting back is an understood method of self defence. But when it comes to organisations responding to hackers, it can be (and often is) illegal for companies to respond in kind. Of course, there are ways to respond to hackers beyond simply defending against them, and many companies are seeking out these legal remedies. What are they—and perhaps more importantly, is it a good idea to pursue them?
The hacking epidemic
Cyber attacks are on the rise, and defence against them already accounts for billions of dollars spent—to say nothing of damage control when they’re successful. Most countries have laws against computer intrusion, which means that the actions of hackers are unambiguously illegal. However, hackers often focus on targets in different countries, to avoid prosecution. While defence may be possible in most cases, it can be enormously frustrating for companies to acknowledge the fact that hackers can (and will) repeat their behaviour until they’re successful. This frustration has led many an organisation and security expert to consider striking back.
Some security experts think that retaliatory hacking is a bad idea, in part because of the legal complications, and in part because it simply perpetuates a wild west attitude in the cyber community. Others, however, consider hack backs and counter attacks to be one of the few things that can work to deter hackers from striking the same targets repeatedly. Counterattacks, they say, raise the price of doing business for hackers. If hackers know that their malicious behaviour will come back to them, they’ll move on to a different target.
Some companies, like Microsoft, have skirted the legal issues by securing approval from courts to shut down the sources of malicious attacks. However, this type of approval is not easy, or inexpensive, to get, which leaves other companies considering taking matters into their own hands.
There are a number of benefits to fighting back, aside from assuaging the frustration that comes with being the target of an attack. Hacking back can help an organisation gain intelligence on their attacker, disable the attacker, or dissuade the attacker from future attacks.
There are also some drawbacks aside from potential legal implications. Some attackers will view a hack back as a challenge, and be determined to do greater harm as a result. It’s important to confer with legal counsel as well as cyber security experts prior to taking counterattack action.